hi

Status
Not open for further replies.

mispeled

Registered
Original poster
Joined
Aug 30, 2011
Posts
0
Reaction score
0
Points
0
Location
Berlin
Hello to everybody.

I joined here with a specific question in mind. I think I'll give the rest a read though, it looks promising.

I came here for advice, as I found myself in a difficult position.
I found an xss on a fairly big social network. I managed to exploit it to set up a fake profile that phones home the password of the viewer. Nothing I'm specially proud of, but a real issue for the website.

After just a little thinking this could potentially be a big problem. I can literally make a worm of it. (if you guys remember the myspace profile worm, this is exactly it, albeit on a smaller user base).

My primary concern is that someone else might be doing the same thing (again, very easy exploit) and hijacked my account, which I do use for it's intended purpose. I sent a mail to the administrators' profiles, used the "contact form" to send the same mail disclosing the breach and how to correct it. That was a week ago and I have no news, the infected profile still works. So how can I force them to secure their website, without risking them legally attacking me ?

And, out of sheer curiosity, since it's still running I have a couple of questions :
Right now it GETs the passwords to a server I own, I'm interested about how one can find an anonymous server of which he can read the logs. Or any way to retrieve the data anonymously for that matter.

And since I'm fairly new to this, I wonder how one goes about selling hijacked accounts ? Or service around those accounts (e.g. thousands of profile can "like" yours for a moderate price) ?

Looking forward to reading your thoughts.
 

Poorfag

bring back goldschool | we want plates
veteran
old school
senior
coldschool
member
Joined
Jan 29, 2010
Posts
6,165
Reaction score
1,494
Points
332
Hey there mispeled,

Welcome to TBN, I hope you enjoy your stay here on TheBotNet!
This forum is based on exploiting sites which are focused around making money and Instant Win Games. Unfortunately, this is not the forum for talking about hacking, and I recommend you search for other forums which can help you with this. Try a few of these sites.


if you want really impressive bots, exclusive forum access with sub only bots, a blue username and shoutbox, I would recommend you to Get a Subscription

I would recommend you Get a week of sub for free and try out the subscriber section before you buy!
 
Status
Not open for further replies.